## Resetting the Switch to Factory Defaults The switch can be reset through the on screen display's menu. This can be controlled using the two available buttons, ``menu`` and ``enter``. To factory reset the switch, do the following: 1. Press the ``menu`` button to bring up the on screen menu. You may have to press the button twice, once to activate the screen and once to open the menu. 2. Press the ``menu`` button until you see that ``Maintenance`` is selected. 3. Press the ``enter`` button. 4. Press the ``menu`` button until ``Factory Default`` is selected. 5. Press the ``enter`` button once to select, and a second time to confirm. ## Connecting to the Switch ### Console The Aruba S2500 has a micro USB port on the back which exposes a serial interface that can be used to manage the switch. To connec to the serial interface you will need a computer, a micro USB cable, and a serial application (here we are using `screen`). 1. Connect the USB serial port on the back of the switch to your computer 2. Connect to the serial port with screen - `sudo screen /dev/ttyUSB0 9600` (replace `ttyUSB0` with the device node your system assigns to the switch) 3. Login with the default username and password - username: `password` - password: `forgetme!` You should now be dropped to a shell that looks like the below ``` (ArubaS2500-48P-US) > ``` ## Setting the Switch's Account Passwords Relevant forum thread [here](https://community.arubanetworks.com/community-home/digestviewer/viewthread?MID=9356). First, login with the default credentials ``` User: password Password: forgetme! ``` Next, go into `enable` mode. ``` (aruba) >enable Password: enable ``` Set the admin user's password. ``` (aruba) #configure terminal Enter Configuration commands, one per line. End with CNTL/Z (aruba) (config) #mgmt-user admin root Password: yourpassword Retype password: yourpassword ``` Logout and log back in. Then go into `enable` mode. ``` (aruba) (config) #exit (aruba) #exit (aruba) >exit User: admin Password: yourpassword (aruba) >enable Password: enable ``` Configure the `enable` mode password. ``` (aruba) #configure terminal Enter Configuration commands, one per line. End with CNTL/Z (aruba) (config) #enable secret Password: yourenablepassword Re-Type password: yourenablepassword (aruba) (config) #write memory ``` ## Update the Switch's Firmware Based on the guide available [here](https://community.arubanetworks.com/community-home/librarydocuments/viewdocument?DocumentKey=92ce82d5-13a7-47cf-8613-73416fa579d3&CommunityKey=2fd943a6-8898-4dbe-915f-4f09e4d3c317&tab=librarydocuments). To update the switch's firmware, you will need to copy the upgrade file to a USB drive and connect it to the USB port on the rear of the switch. ### Download the Firmware Firmware upgrades are available for download from Aruba without a licence key. An account is required. Aruba does not allow users to make accounts with public email providers (gmail, hotmail, etc.), so you will either have to use a different email provider for your account or try to find the file elsewhere on the internet. For posterity, the `sha256sum` of the latest firmware upgrade avilable as of Jan 24, 2023 is as follows. `ArubaOS_MAS_7.4.1.9_62608`: `613abae502736c7c7ac2a0548edf506280d2afb8d2762db784ffa68f5cd6c52c` ### Copy the Firmware to a USB Drive You will need to format a USB drive as FAT32. You can put the firmware binary anywhere on the filesystem. I would suggest putting it at the root as this is easiest to type into the switch's console. ### Install the Firmware From the switch's console, login and escalate your privileges. ``` (ArubaS2500-48P-US) User: admin Password: ****** (ArubaS2500-48P-US) >enable Password:****** ``` Then, install the firmware using the `copy` command. ``` (ArubaS2500-48P-US) #copy usb ArubaOS_MAS_7.4.1.9_62608 system: partition 0 ................................................File ArubaOS_MAS_7.4.1.9_62608 copied to partition 0 successfully. ``` Reboot the switch ``` (ArubaS2500-48P-US) #reload Do you really want to restart the system(y/n): y System will now restart! ``` ## Running through Quick Setup ### Console After logging into the switch's console, you need to launch the switch's `Quick-setup` program. This can be done by running the `enable` command and providing the password `enable` as seen below. You will then need to press `y` berfore the `Quick-setup` prompt times out. ``` ArubaS2500-48P-US) >enable Password:enable Quick-setup helps in setting the basic configuration of the system Autoconfiguration of system will be stopped, if Quick-setup is launched by user Invoke Quick-setup (y|n)??? [y]:y ``` ## Tips for Navigating the Console ### Hotkeys In the switch's console interface, there are some hotkeys that you should be aware of. `?`: Pressing the question mark key at any time displays all the possible options you could complete your command with. This takes into account the characters you already have types. You can use it both to list commands and their subcommands or parameters. You can also use the question mark to list the set of valid configuration parameters you can set in the current configuration context. `TAB`: Pressing the tab key will auto complete the current command if it is not ambiguous. If it is, nothing will happen. `!`: You can enter an exclamation mark character to back out of the current configuration block. This is quicker than typing `exit`. ### Shell Prompt The shell prompt can provide you some helpful information on what context you are currently working in. In the following command line, each field is as follows. ``` (hostname) (config_context) (#/>) ``` - `hostname` is your device's hostname. - `config` context is the current configuration context you are in (this will be absent if you are not in the configuration utility.) - `#/>` denotes whether you are in `enable` mode or not. A `#` signafies `enable` mode ### Saving Your Changes Remember to save your changes when you are done. This can be done by running the `write memory` command. ## Configuring VLANs To configure a VLAN, two steps must be done. ### 1. Creating the VLAN To create a VLAN, use the `vlan` command. It is helpful to give your VLAN's a description you can reference later. ``` ArubaS2500-48P) (config) #vlan 60 (ArubaS2500-48P) (VLAN "60") #? aaa-profile VLAN AAA profile clone Copy data from another VLAN description VLAN description dhcp-snooping-database Add Static Snoop mac entry dhcp-snooping-profile dhcp snooping profile name igmp-snooping-profile igmp snooping profile name mac-address-table Configure the MAC address table mac-aging-time Mac Aging Time in Minutes mld-snooping-profile mld snooping profile name no Delete Command pvst-profile per vlan rapid spanning tree profile name (ArubaS2500-48P) (VLAN "60") #description "office" (ArubaS2500-48P) (VLAN "60") #! ``` ### 2. Creating a Port Profile Next, you will have to create a port profile that makes uses of your configured VLAN. This configuration differs if you want the port to have tagged traffic. #### 2a. Port With Untagged Traffic In this example, we will create a port profile configured to route traffic for VLAN 60 untagged. ``` interface-profile switching-profile "general" access-vlan 60 native-vlan 60 trunk allowed vlan 60 ! ``` #### 2b. Port with Tagged and Untagged Traffic In this example, we will create a port with VLANs 10 and 20 configured for tagged traffic and VLAN 60 configured for untagged traffic. ``` interface-profile switching-profile "uplink" switchport-mode trunk access-vlan 60 native-vlan 60 trunk allowed vlan 10,20,60 ! ``` Remember to set the `switchport-mode trunk` param on any profile that needs to route untagged traffic. ### 3. Apply Port Profile to Port Finally, we need to apply this profile to a port. In this example, I will be applying the profile `office` to the Gigabit Ethernet port `0/0/0` which is the lowest numbered Gigabit port on the switch (port 0). ``` (ArubaS2500-48P) (config) #interface gigabitethernet 0/0/0 (ArubaS2500-48P) (gigabitethernet "0/0/0") #switching-profile "office" (ArubaS2500-48P) (gigabitethernet "0/0/0") #! ``` ## Exposing the Configuration Interfaces to Your Network ## Configuring the Managment Interface The switch's managmement functions needs to be configured to listen on a specific interface. In this example, we will be configuring it to listen on VLAN 60. ### Configure the Connection on the Desired Interface ``` (ArubaS2500-48P) (ip-profile) #interface vlan 60 (ArubaS2500-48P) (VLAN "10") #description "office" (ArubaS2500-48P) (VLAN "10") #! ``` For a static IP: ``` (ArubaS2500-48P) (vlan "60") #ip address 10.0.0.10 255.255.255.0 ``` For DHCP: ``` (ArubaS2500-48P) (vlan "60") #ip address dhcp-client ``` ### Configure the Controller to Listen on This Interface First, open the `ip-profile` settings. ``` (ArubaS2500-48P) (config) #ip-profile (ArubaS2500-48P) (ip-profile) #? controller-ip Configure controller IP default-gateway Specify default gateway no Delete Command prefix-list Configure prefix list route Configure static route A.B.C.D ``` Next, configure the `controller-ip`. ``` (ArubaS2500-48P) (ip-profile) #controller-ip vlan 60 Since controller IP address will change, connectivity to this controller might be affected. Do you want to proceed with this action [y/n]: y ``` Finally, configure the `default-gateway`. This value will be different if you are using a static IP or DHCP on your desired interface. For a static IP: ``` (ArubaS2500-48P) (ip-profile) #default-gateway 10.0.0.1 ``` For DHCP: ``` (ArubaS2500-48P) (ip-profile) #default-gateway import dhcp ``` ### Enable the WebUI To enable the WebUI, we need to enable the `mgmt-ui-ports` option on the `web-server` configuration param. ``` (ArubaS2500-48P) (config) #web-server (ArubaS2500-48P) (Web Server Configuration) #? captive-portal-cert Certificate name configured under certificate manager captive-portal-ports Enable or Disable Captive Portal Ports 8080/8081 ciphers Configure cipher suite strength. Default is high mgmt-auth Configure management user's WebUI access method, either username/password authentication or certificate authentication or both. Default is username/password authentication mgmt-ui-ports Enable or Disable Webserver no Delete Command session-timeout Configure user's WebUI session timeout <30-3600> (seconds) ssl-protocol SSL/TLS Protocol Config switch-cert Certificate name configured under certificate manager web-max-clients Configure web servers' maximum supported concurrent clients <25-400> (ArubaS2500-48P) (Web Server Configuration) #mgmt-ui-ports (ArubaS2500-48P) (Web Server Configuration) #! ```